Search results

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets.

Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high.

This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets.

The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.

In order to ensure the health and safety of occupants, buildings must be inspected to check their compliance to current regulatory requirements prompted by occupancy changes, renovations and building code revisions. Recent inspections conducted by Public Works Canada have identified about 1700 occurrences of code violations in 19 buildings. There is an enormous amount of information that can be extracted from the study mentioned above to implement a knowledge‐based expert system to assist in future building inspections. The philosophy of this expert system is to integrate both knowledge‐based and hypertext representation techniques to enable building inspectors to quickly identify code violations, refer to the code text and provide case study information that can assist in resolving a problem. The present paper describes the development framework and details of a prototype implementation known as the Health and Safety Expert System (HASES). The HASES currently addresses the requirements of ‘Section 3.4: Requirements for Exits’ of the 1990 National Building Code of Canada. The software architecture consists of an external database of building details, an object hierarchy and a rule‐base representing the code requirements, hypertext user‐interface for code text and case study information. The ultimate objective is to make this system available for field inspections using notepad computers.

Alcohol availability is strongly related to excessive alcohol consumption. This study aims to examine social marketing’s response to concerns about retailers’ noncompliance with the minimum legal drinking age (MLDA) law by proposing and evaluating a social marketing intervention directed at sellers in off-premise stores.

The study is based on a non-randomized quasi-experimental design, focusing on an evaluation of the implementation of the “18 rules!” intervention in four cities in Slovenia. Two waves of underage purchase attempts were conducted pre- and post-intervention in 24 off-premise businesses, following a mystery shopping protocol.

The initial rate of retailers’ noncompliance with the MLDA law in off-premise establishments was high. After the social marketing intervention, an increase with compliance with the law was observed; the proportion of cashiers selling alcohol to minors after the intervention decreased from 96 to 67 per cent. Qualitative insight suggests an existence of retailers’ dilemma in complying with the MLDA.

A social marketing approach could contribute to a better understanding of the social working of the MLDA law.

A social marketing approach could complement the usual enforcement strategies and contribute to a better understanding of the social working of the MLDA law, and encourage deliberate retailers’ compliance with it while developing valuable exchanges among people and stakeholders.

The paper conceptualizes retailers’ dilemma in complying with the minimal legal drinking age law and offers social marketing response to it. Results of the study show that also solely non-coercive measures have the potential in increasing retailers’ compliance with regulations.

Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software engineers are increasingly expected to develop and maintain privacy-aware systems that both comply with such frameworks and standards and meet reasonable expectations of privacy. This paper aims to facilitate reasoning about privacy compliance, from legal frameworks and standards, with a view to providing necessary technical assurances.

The authors show how the standard extension mechanisms of the UML meta-model might be used to specify and represent data-processing activities in a way that is amenable to privacy compliance checking and assurance.

The authors demonstrate the usefulness and applicability of the extension mechanisms in specifying key aspects of privacy principles as assumptions and requirements, as well as in providing criteria for the evaluation of these aspects to assess whether the model meets these requirements.

First, the authors show how key aspects of abstract privacy principles can be modelled using stereotypes and tagged values as privacy assumptions and requirements. Second, the authors show how compliance with these principles can be assured via constraints that establish rules for the evaluation of these requirements.

In organizations, individual user’s compliance with business processes is important from a regulatory and efficiency point of view. The restriction of users’ choices by implementing a restrictive information system is a typical approach in many organizations. However, restrictions and mandated compliance may affect employees’ performance negatively. Especially when users need a certain degree of flexibility in completing their work activity. The purpose of this paper is to introduce the concept of directive explanations (DEs). DEs provide context-dependent feedback to users, but do not force users to comply.

The experimental study used in this paper aims at investigating how DEs influence users’ process compliance. The authors used a laboratory experiment to test the proposed hypotheses. Every participant underwent four trials for which business process compliance was measured. Two trial blocks were used to cluster the four trials. Diagrammatic DEs were provided in one of the trial blocks, while textual DEs were provided in the other. Trial blocks were counterbalanced.

The results of the experiment show that DEs influence a user’s compliance, but the effect varies for different types of DEs. The authors believe this study is significant as it empirically examines design characteristics of explanations from knowledge-based systems in the context of business processes.

This study is certainly not without limitations. The sample used for this study was drawn from undergraduate information systems management students. The sample is thus not representative of the general population of organizations’ IT users. However, a student sample adequately represents novice IT users, who are not very familiar with a business process. They are particularly suitable to study how users react to first-time contact with a DE.

The findings of this study are important to designers and implementers of systems that guide users to follow business processes. As the authors have illustrated with a real-world scenario, an ERP system’s explanation can lack details on how a user can resolve a blocked activity. In situations in which users bypass restricted systems, DEs can guide them to comply with a business process. Particularly diagrammatic explanations, which depict actors, activities, and constraints for a business process, have been found to increase the probability that users’ behavior is business process compliant. Less time may be needed to resolve a situation, which can result in very efficient user-system cooperation.

This study makes several important contributions to research on explanations, which are provided by knowledge-based systems. First, the authors conceptualized, designed, and investigated a novel type of explanations, namely, DEs. The results of this study show how dramatic the difference in process compliance performance is when exposed to certain types of DEs (in one group from 57 percent on the initial trial to 82 percent on the fourth trial). This insight is important to derive design guidelines for DE, particularly when multimedia material is used.

As child abuse and neglect in childcare settings continue to occur, a quality childcare workforce is imperative. This paper aims to describe how an efficient and effective childcare Workforce Background Check system was developed and implemented to protect both children and childcare staff in the state of Michigan.

The user-centered design (UCD) approach was used in the creation and statewide implementation of a new acceptable and usable system, the Michigan childcare background check (CCBC) system. The authors conducted focus groups to obtain user feedback and performed several usability evaluations. This approach was used as guidance for the development process and to evaluate the concept designs for the web application that was created.

This paper discusses the overall process of implementing the CCBC program, focusing on successes, barriers and lessons learned in the planning, designing and execution phases. By May 2019, more than 92,069 background checks were conducted on personnel in 8,740 licensed childcare facilities across Michigan. Collaboration across stakeholders in different sectors facilitated the implementation of the new system, while structural barriers and stigma provided barriers to implementation.

Having individuals with various roles, abilities and technical expertise assist with the development and implementation of the system ensured the usability and acceptability of the new system by all types of users.

The general public expects childcare providers to ensure that their employees meet the highest professional standards. Developing effective, easy-to-use fingerprint-based criminal history background check systems to identify ineligible applicants and monitor current employees is one component of an overall strategy to promote child safety and minimize child abuse and neglect in the childcare environments.

This paper provides a practical example of how a CCBC system can be developed, implemented and scaled to be used statewide. This approach can be used by other states or other disciplines with a similar context.

As child abuse and neglect in childcare settings continue to occur, a quality childcare workforce is imperative. This paper shows how this study uses the UCD approach to create an acceptable and usable system and complete statewide implementation of a new Michigan CCBC program. This resulted in an efficient and effective Workforce Background Check system that is essential to protect both children and childcare staff.

Business process (BP) reengineering is defined as reinventing BPs either structurally or technically to achieve dramatic improvements in performance. In any business process reengineering (BPR) project, process modeling is used to reason about problems found in existing (as-is) process and helps to design target (to-be) process. BP model notation is a widely accepted standard for process modeling. “Expressiveness” and “missing formal semantics” are two problems reported to its modeling practices. In existing studies, solutions to these problems are also proposed but still have certain limitations. The paper aims to discuss this issue.

In proposed methodology, a meta-model is formally defined that is composed of commonly used modeling elements and their well-formedness rules to check for syntactic and structural correctness of process models. Proposed solution also check semantics of process models and allows to compare as-is and to-be process models for gap identification which is another important aspect of BPR. To achieve the first goal, Z specification is used to provide formal specifications of modeling constructs and their rules and Z3 (an SMT solver) is used for comparisons and verifying properties.

Proposed method addresses both “expressiveness” and “missing formal semantics” of BPR models. The results of its evaluation clearly indicate that using formally specified meta-model, BPR model is syntactically and structurally correct. Moreover, formal modeling of BPs in Z3 helped to compare processes and to check control flow properties.

Although the proposed method is tested on an example that is widely used in BPR literature, the example is only covering modeling elements which are part of the proposed subset and are reported in literature as frequently used modeling elements. A separate detailed study is required to test it on more complex systems.

Specifying process models using Z specification and Z3 solver requires certain expertise.

The proposed method adds value to BPR body of knowledge as it proposes a method to ensure structural and syntactic correctness of models, highlighting the importance of verifying run time properties and providing a direction toward comparing process models for gap analysis.